feat: enhance user registration and authentication flow, improve attachment handling, and strengthen security measures

shuaiplus
2026-02-14 00:34:08 +08:00
parent b33ee64c58
commit 4772c17e44
8 changed files with 131 additions and 25 deletions
+7 -6
@@ -32,12 +32,7 @@ export async function handleToken(request: Request, env: Env): Promise<Response>
return identityErrorResponse('Email and password are required', 'invalid_request', 400);
}
const user = await storage.getUser(email);
if (!user) {
return identityErrorResponse('Username or password is incorrect. Try again', 'invalid_grant', 400);
}
// Check if login is rate limited (only after confirming user exists)
// Check login lockout before user lookup to reduce user-enumeration signal
const loginCheck = await rateLimit.checkLoginAttempt(email);
if (!loginCheck.allowed) {
return identityErrorResponse(
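Review bot: The lockout key passed to `rateLimit.checkLoginAttempt(email)` is the raw request value, and the hunk now runs that check before `storage.getUser(email)`; if the storage lookup normalizes the address (trim, lowercase) while the rate limiter does not, each casing variant of the same address gets its own attempt budget, which undercuts the lockout this change moves earlier — I cannot see either implementation, so this is worth confirming. Normalizing once and using the same key for both calls closes that gap, e.g. `const loginKey = email.trim().toLowerCase();` followed by `await rateLimit.checkLoginAttempt(loginKey)` and `await storage.getUser(loginKey)`. The replacement comment on the new side would read more precisely as `// Check login lockout before the user lookup so unknown and known accounts get the same rate-limit treatment`. handleToken begins before this hunk and the lockout error response continues past its last line.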
@@ -47,6 +42,12 @@ export async function handleToken(request: Request, env: Env): Promise<Response>
);
}
const user = await storage.getUser(email);
if (!user) {
await rateLimit.recordFailedLogin(email);
return identityErrorResponse('Username or password is incorrect. Try again', 'invalid_grant', 400);
}
const valid = await auth.verifyPassword(passwordHash, user.masterPasswordHash);
if (!valid) {
// Record failed login attempt